CVE-2011-1002 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
avahi	avahi	𝑥 ≤ 0.6.28
avahi	avahi	0.1
avahi	avahi	0.2
avahi	avahi	0.3
avahi	avahi	0.4
avahi	avahi	0.5
avahi	avahi	0.5.1
avahi	avahi	0.5.2
avahi	avahi	0.6.1
avahi	avahi	0.6.2
avahi	avahi	0.6.3
avahi	avahi	0.6.4
avahi	avahi	0.6.5
avahi	avahi	0.6.6
avahi	avahi	0.6.7
avahi	avahi	0.6.8
avahi	avahi	0.6.9
avahi	avahi	0.6.10
avahi	avahi	0.6.11
avahi	avahi	0.6.12
avahi	avahi	0.6.13
avahi	avahi	0.6.14
avahi	avahi	0.6.15
avahi	avahi	0.6.16
avahi	avahi	0.6.17
avahi	avahi	0.6.18
avahi	avahi	0.6.19
avahi	avahi	0.6.20
avahi	avahi	0.6.21
avahi	avahi	0.6.22
avahi	avahi	0.6.23
avahi	avahi	0.6.24
avahi	avahi	0.6.25
avahi	avahi	0.6.26
avahi	avahi	0.6.27
redhat	enterprise_linux	5.0
redhat	enterprise_linux	6.0
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10
debian	debian_linux	5.0
debian	debian_linux	6.0
debian	debian_linux	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

avahi

bullseye	0.8-5+deb11u2 fixed
bookworm	0.8-10 fixed
sid	0.8-13 fixed
trixie	0.8-13 fixed

Ubuntu Releases

Ubuntu Product

Codename

avahi

maverick	Fixed 0.6.27-2ubuntu3.1 released
lucid	Fixed 0.6.25-1ubuntu6.2 released
karmic	Fixed 0.6.25-1ubuntu5.3 released
hardy	Fixed 0.6.22-2ubuntu4.3 released
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

http://avahi.org/ticket/325

http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://openwall.com/lists/oss-security/2011/02/18/1

http://openwall.com/lists/oss-security/2011/02/18/4

http://osvdb.org/70948

http://secunia.com/advisories/43361

http://secunia.com/advisories/43465

http://secunia.com/advisories/43605

http://secunia.com/advisories/43673

http://secunia.com/advisories/44131

http://ubuntu.com/usn/usn-1084-1

http://www.debian.org/security/2011/dsa-2174

http://www.mandriva.com/security/advisories?name=MDVSA-2011:037

http://www.mandriva.com/security/advisories?name=MDVSA-2011:040

http://www.openwall.com/lists/oss-security/2011/02/22/9

http://www.redhat.com/support/errata/RHSA-2011-0436.html

http://www.redhat.com/support/errata/RHSA-2011-0779.html

http://www.securityfocus.com/bid/46446

http://www.vupen.com/english/advisories/2011/0448

http://www.vupen.com/english/advisories/2011/0499

http://www.vupen.com/english/advisories/2011/0511

http://www.vupen.com/english/advisories/2011/0565

http://www.vupen.com/english/advisories/2011/0601

http://www.vupen.com/english/advisories/2011/0670

http://www.vupen.com/english/advisories/2011/0969

http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/

https://bugzilla.redhat.com/show_bug.cgi?id=667187

https://exchange.xforce.ibmcloud.com/vulnerabilities/65524

https://exchange.xforce.ibmcloud.com/vulnerabilities/65525

http://avahi.org/ticket/325

http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://openwall.com/lists/oss-security/2011/02/18/1

http://openwall.com/lists/oss-security/2011/02/18/4

http://osvdb.org/70948

http://secunia.com/advisories/43361

http://secunia.com/advisories/43465

http://secunia.com/advisories/43605

http://secunia.com/advisories/43673

http://secunia.com/advisories/44131

http://ubuntu.com/usn/usn-1084-1

http://www.debian.org/security/2011/dsa-2174

http://www.mandriva.com/security/advisories?name=MDVSA-2011:037

http://www.mandriva.com/security/advisories?name=MDVSA-2011:040

http://www.openwall.com/lists/oss-security/2011/02/22/9

http://www.redhat.com/support/errata/RHSA-2011-0436.html

http://www.redhat.com/support/errata/RHSA-2011-0779.html

http://www.securityfocus.com/bid/46446

http://www.vupen.com/english/advisories/2011/0448

http://www.vupen.com/english/advisories/2011/0499

http://www.vupen.com/english/advisories/2011/0511

http://www.vupen.com/english/advisories/2011/0565

http://www.vupen.com/english/advisories/2011/0601

http://www.vupen.com/english/advisories/2011/0670

http://www.vupen.com/english/advisories/2011/0969

http://xorl.wordpress.com/2011/02/20/cve-2011-1002-avahi-daemon-remote-denial-of-service/

https://bugzilla.redhat.com/show_bug.cgi?id=667187

https://exchange.xforce.ibmcloud.com/vulnerabilities/65524

https://exchange.xforce.ibmcloud.com/vulnerabilities/65525